petra: internal functions are now serialized
Description
Description
Details
Details
- Auditors
elexis - Committed
mimo Nov 30 2014, 8:05 PM - Parents
- rP16015: fix default ai difficulty when using autostart, was easy since r15990
- Branches
- Unknown
- Tags
Event Timeline
Comment Actions
As reported by user1, this causes an OOS without rejoin if one is on windows and the other on unix due to different lineendings on the systems:
--- /home/john/Downloads/kuhler_driver-0.61/compare/one/xal +++ /home/john/Downloads/kuhler_driver-0.61/compare/two/xal @@ -73,8 +73,8 @@ "position": 0 }, "func": { - "isGo": "(function (gameState) {\n\"use strict\";\n\n\t\t\tif (!gameState.ai.HQ.canBuild(gameState, \"structures/{civ}_house\"))\n\t\t\t\treturn false;\n\t\t\tif (gameState.getPopulationMax() <= gameState.getPopulationLimit())\n\t\t\t\treturn false;\n\t\t\tlet freeSlots = gameState.getPopulationLimit() - gameState.getPopulation();\n\t\t\tfor (let ent of gameState.getOwnFoundations().values())\n\t\t\t\tfreeSlots += ent.getPopulationBonus();\n\n\t\t\tif (gameState.ai.HQ.saveResources)\n\t\t\t\treturn freeSlots <= 10;\n\t\t\telse if (gameState.getPopulation() > 55)\n\t\t\t\treturn freeSlots <= 21;\n\t\t\telse if (gameState.getPopulation() > 30)\n\t\t\t\treturn freeSlots <= 15;\n\t\t\treturn freeSlots <= 10;\n\t\t})", - "onStart": "(function (gameState)\n{\n\"use strict\";\n\n})" + "isGo": "(function (gameState) {\n\"use strict\";\n\r\n\t\t\tif (!gameState.ai.HQ.canBuild(gameState, \"structures/{civ}_house\"))\r\n\t\t\t\treturn false;\r\n\t\t\tif (gameState.getPopulationMax() <= gameState.getPopulationLimit())\r\n\t\t\t\treturn false;\r\n\t\t\tlet freeSlots = gameState.getPopulationLimit() - gameState.getPopulation();\r\n\t\t\tfor (let ent of gameState.getOwnFoundations().values())\r\n\t\t\t\tfreeSlots += ent.getPopulationBonus();\r\n\r\n\t\t\tif (gameState.ai.HQ.saveResources)\r\n\t\t\t\treturn freeSlots <= 10;\r\n\t\t\telse if (gameState.getPopulation() > 55)\r\n\t\t\t\treturn freeSlots <= 21;\r\n\t\t\telse if (gameState.getPopulation() > 30)\r\n\t\t\t\treturn freeSlots <= 15;\r\n\t\t\treturn freeSlots <= 10;\r\n\t\t})", + "onStart": "(function (gameState)\r\n{\n\"use strict\";\n\r\n})" } } ],
Using eval is bad practice because it can allow arbitrary (JS) code execution for an attacker who could insert that code into a savegame or a simstate used for rejoining, which must be one of the reasons why serialization of functions is not implemented in the BinarySerializer.cpp.
See also https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval